1<?php 2 3/** 4 * Licensed to Jasig under one or more contributor license 5 * agreements. See the NOTICE file distributed with this work for 6 * additional information regarding copyright ownership. 7 * 8 * Jasig licenses this file to you under the Apache License, 9 * Version 2.0 (the "License"); you may not use this file except in 10 * compliance with the License. You may obtain a copy of the License at: 11 * 12 * http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * Unless required by applicable law or agreed to in writing, software 15 * distributed under the License is distributed on an "AS IS" BASIS, 16 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 17 * See the License for the specific language governing permissions and 18 * limitations under the License. 19 * 20 * PHP Version 7 21 * 22 * @file CAS/ProxyChain.php 23 * @category Authentication 24 * @package PhpCAS 25 * @author Adam Franco <afranco@middlebury.edu> 26 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 27 * @link https://wiki.jasig.org/display/CASC/phpCAS 28 */ 29 30/** 31 * A normal proxy-chain definition that lists each level of the chain as either 32 * a string or regular expression. 33 * 34 * @class CAS_ProxyChain 35 * @category Authentication 36 * @package PhpCAS 37 * @author Adam Franco <afranco@middlebury.edu> 38 * @license http://www.apache.org/licenses/LICENSE-2.0 Apache License 2.0 39 * @link https://wiki.jasig.org/display/CASC/phpCAS 40 */ 41 42class CAS_ProxyChain 43implements CAS_ProxyChain_Interface 44{ 45 46 protected $chain = array(); 47 48 /** 49 * A chain is an array of strings or regexp strings that will be matched 50 * against. Regexp will be matched with preg_match and strings will be 51 * matched from the beginning. A string must fully match the beginning of 52 * an proxy url. So you can define a full domain as acceptable or go further 53 * down. 54 * Proxies have to be defined in reverse from the service to the user. If a 55 * user hits service A get proxied via B to service C the list of acceptable 56 * proxies on C would be array(B,A); 57 * 58 * @param array $chain A chain of proxies 59 */ 60 public function __construct(array $chain) 61 { 62 // Ensure that we have an indexed array 63 $this->chain = array_values($chain); 64 } 65 66 /** 67 * Match a list of proxies. 68 * 69 * @param array $list The list of proxies in front of this service. 70 * 71 * @return bool 72 */ 73 public function matches(array $list) 74 { 75 $list = array_values($list); // Ensure that we have an indexed array 76 if ($this->isSizeValid($list)) { 77 $mismatch = false; 78 foreach ($this->chain as $i => $search) { 79 $proxy_url = $list[$i]; 80 if (preg_match('/^\/.*\/[ixASUXu]*$/s', $search)) { 81 if (preg_match($search, $proxy_url)) { 82 phpCAS::trace( 83 "Found regexp " . $search . " matching " . $proxy_url 84 ); 85 } else { 86 phpCAS::trace( 87 "No regexp match " . $search . " != " . $proxy_url 88 ); 89 $mismatch = true; 90 break; 91 } 92 } else { 93 if (strncasecmp($search, $proxy_url, strlen($search)) == 0) { 94 phpCAS::trace( 95 "Found string " . $search . " matching " . $proxy_url 96 ); 97 } else { 98 phpCAS::trace( 99 "No match " . $search . " != " . $proxy_url 100 ); 101 $mismatch = true; 102 break; 103 } 104 } 105 } 106 if (!$mismatch) { 107 phpCAS::trace("Proxy chain matches"); 108 return true; 109 } 110 } else { 111 phpCAS::trace("Proxy chain skipped: size mismatch"); 112 } 113 return false; 114 } 115 116 /** 117 * Validate the size of the the list as compared to our chain. 118 * 119 * @param array $list List of proxies 120 * 121 * @return bool 122 */ 123 protected function isSizeValid (array $list) 124 { 125 return (sizeof($this->chain) == sizeof($list)); 126 } 127} 128